On Tue, 16 Oct 2012, Jakub Wilk <jwilk@debian.org> wrote:
> * martin f krafft <madduck@debian.org>, 2012-10-16, 08:21:
> >>This is my opinion but I admit I have not followed previous
> >>discussions on the subject....
> >
> >http://lists.debian.org/debian-security/2004/09/msg00014.html
> >
> >We have not cared enough for almost 20 years that 9 out of 10 binary
> >packages in use (i386 until 2005, amd64 since then) are built on
> >machines that are individually maintained according to widely varying
> >security standards to do anything about it, AFAICT.
>
> What makes a buildd more secure than a machine of J. Random Developer?
> I'm honestly curious.
I believe that the sysadmin skill of the people who run the build servers is
greater than that of most DDs.
The Debian servers are run in relatively secure environments as opposed to DD
workstations being laptops that are often stored in hotel rooms and other
fairly insecure environments.
There are a fairly small number of Debian servers. So even if the probability
of system compromise for a Debian server was the same as for a laptop owned by
a random DD the fact that DD workstations outnumber Debian servers by at least
200:1 makes them more of a risk.
One final think to note is that if an attacker manages to compromise a Debian
server they will probably start by compromising the workstation used by a
random DD. So I don't think that the case of a compromised server with
thousands of secure workstations is a case to prepare for, but the case of
compromised workstation(s) before a compromised server is one to prepare for.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/